The --audit-log-maxage argument is not set appropriately
Description
Retain the logs for at least 30 days or as appropriate. Retaining logs for at least 30 days ensures that you can go back in time and investigate or correlate any events. Set your audit log retention period to 30 days or as per your business requirements.
Code Example
yaml
{
"apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
containers:
- command:
+ - kube-apiserver
+ - --audit-log-maxage=40
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
...",
}Remediation
Kubernetes
- Kind: Pod
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1147 |
| Severity | LOW |
| IaC Type | Kubernetes |
| Frameworks | Kubernetes, |
| Checkov ID | CKV_K8S_92 |